Almost a million fake apps are targeting your phone

Trend Micro finds hundreds of thousands of fake Android apps in trawl of online stores, forums

Fake apps dressed up to look like official ones but actually designed to steal user data are increasingly targeting Android phone users, according to a study by Trend Micro.

The company looked at the top 50 free apps in Google’s Play Store and then searched Google’s app store and others to see if fake versions existed. It found fake versions existed for 77 percent of the apps. The fake apps are often made to look like the real ones and have the same functions, but carry a dangerous extra payload.

“We’ve been tracking the activity of malicious or high-risk apps for nearly five years,” said JD Sherry, vice president of technology and solutions at Trend Micro. “The potential for people to slip things past the gate and appear legitimate is much easier.”

Tokyo-based Trend Micro, which makes antivirus and antimalware software that guards against such risks, said it cataloged 890,482 fake apps in a survey conducted in April this year. More than half were judged to be malicious, of which 59,185 were aggressive adware and 394,263 were malware.

The most common type of fake app purports to be antivirus software — targeting users who think they are protecting themselves from such problems. In some cases, the apps ask users to approve administrator privileges, which allow the app wider access to the phone’s software and data and make it more difficult to remove.

While many of the fake apps exist on forums or third-party app stores where security is either weaker than Google’s Play Store or nonexistent, fake apps can also invade the official Google store.

“A more recent example of a rogue antivirus app known as ‘Virus Shield’ received a 4.7-star rating after being downloaded more than 10,000 times, mostly with the aid of bots,” Trend Micro said in its report.

Cheekily, scammers charged $3.99 for the fake app, which promised to prevent harmful apps from being installed. It was removed by Google after a few days, but not before it fooled thousands of users and even became a “top new paid app” in the Play Store. Trend said it was “perplexing” how the app achieved “top” status.

Attackers sometimes play on hype for apps.

When the “Flappy Bird” game was taken off the Play Store, fake versions appeared, some of which sent premium text messages. And before BlackBerry released its BBM messenger app for Android, a number of fake versions appeared that were downloaded more than 100,000 times.

Trend Micro’s report was published on the same day Google said it had formed a security team to go after so-called “zero-day” exploits in software that allow attackers to target users before software companies issue patches.

Sherry said he thought Google’s announcement was “ironic” considering the large number of problems Trend Micro found in Google’s own backyard.

“I strongly suggest they take aim at the Android marketplace and Google Play,” he said.



CompTIA Server + jobs in UK

Many students from all over the world move to the UK to complete their higher studies. The UK has the best universities and educational institutes, which provide students with knowledge and skills in their specialized subjects. As technology has advanced and transformed, IT infrastructure provides students with the best facilities.

Delivering lectures to students was not as efficient a process as it became with this IT infrastructure. In these universities, IT professionals with CompTIA Server+ certification were responsible for delivering lectures through a single workflow that creates and publishes content on the selected topics. Students got feedback and reliable playback regardless of platform. CompTIA Server+ certified professionals found this process more efficient, feasible and cost-effective. Almost all universities and institutes were searching for CompTIA Server+ certified professionals. They hired new ones, and some of the institutes also provided their students with this certification.

All the computers within university premises and students' laptops were interconnected in one network, through which exchanging information was easy. Administrators, professors and students were now connected in a campus network. CompTIA Server+ certified professionals were also able to manage software hosting, messaging, file sharing and storage, and data storage and retrieval.

This system was so productive that it changed the performance of all the academic departments and resulted in more objective-oriented and goal-oriented systems. CompTIA Server+ certified professionals not only provided an efficient academic structure, but the system was also secure, with many backup files. The system needed to be maintained and managed at regular intervals, which was also one of the responsibilities of CompTIA Server+ certified professionals. These professionals were trained for disaster management, all of these skills were utilized, and they were paid heavily for that.

The professionals with CompTIA Server + credential can easily derive a salary between GBP: US$: 35,000 to 50,000.



CompTIA Linux+ Certification 2014

The Linux+ Certification 2014 is provided by CompTIA, which is a non-profit trade association and provides various professional certifications for the IT industry, all over the world. CompTIA also provides membership programs which include informative resources for the businesses and allows them to stay updated and at the forefront of the IT industry. CompTIA’s certifications including the Server+ certification are recognized by the American National Standards Institute (ANSI) which increases their significance in the IT industry.

CompTIA’s Linux+ Certification 2014 focuses on knowledge of the Linux operating system and its variant operating systems, including details regarding their installation and operation and the basic concepts of free software and open source licenses, associated with these operating systems. Professionals having the Linux+ Certification 2014 have the skills and knowledge to use the Linux command line, perform installation, configuration and maintenance of Linux workstations as well as assisting users with Linux.

Ever since its release, the CompTIA Linux+ Certification 2014 exam has received some criticism about the huge number of hardware-related questions that were on the exam in its initial versions, the same kind of questions that were also covered on the A+ exam. However, the newest version of the exam has removed this discrepancy. The evolution of the CompTIA Linux+ Certification 2014 began in July 2008 and incorporated a Job Task Analysis (JTA), in which subject experts on the operating system evaluated job roles and assignments of IT professionals involved with open source operating systems. This information is then used to update the exam objectives of the Linux+ Certification 2014.

Linux+ Certification 2014 Requirements

Candidates attempting the Linux+ Certification 2014 must have 6 to 12 months of practical experience using the Linux operating system and its administration. The certification consists of two exams, the LX0-101 and LX0-102. There are 60 questions on each exam and the duration of each exam is 90 minutes. A passing score of 500 is required on a scale of 200-800. Currently the exam is available in English, with the German, Brazilian, Portuguese, Chinese and Spanish language versions planned to be introduced soon by CompTIA.

CompTIA’s recommendations for Linux+ prerequisites are the CompTIA A+ and CompTIA Network+ certifications along with practical experience. The previous version of the Linux+ Certification 2014 exam was the exam XK0-002, which is scheduled to be retired at the end of October 2010.

Exam Topics

Exam topics frequently include subject matter related to the installation methods of Linux, configuration of boot loader, RPM management systems, working with Linux directories using the command line and bash shell, security matters, network administration, mounting file systems and configuration files of applications that Linux servers commonly run. Also included are topics about system architecture, GNU and Unix commands, devices under Linux, file systems and their hierarchy standard.

The configuration and usage of the X Window system is also a part of the formal exam objectives, but questions regarding this topic rarely appear in the exam. The reason for this is that the exam concentrates more on the use and working of the Linux operating system in the server and network domain than on its use as a desktop



CompTIA A+ Certification 2014 Job Satisfied

The A+ Certification is provided by CompTIA, which is a non-profit trade association and provides various professional certifications for the IT industry, all over the world. CompTIA’s certifications including the A+ certification are recognized by the American National Standards Institute (ANSI) which increases their significance in the IT industry.

The A+ certification is basically designed to be vendor neutral and covers various technologies from different vendors, including Microsoft, Apple, HP, Novell, Cisco and Linux Distributions. Professionals having the A+ certification are recognized as competent entry level computer technicians, having knowledge which is the equivalent of 500 hours of field experience.

Candidates who have acquired the A+ certification possess the required knowledge to understand the fundamentals of and identify the different components of computer technology, networking and security.

Since its development back in 1993, the A+ certification has gone through four revisions. The latest version, which was introduced in 2009, requires candidates to pass two exams to achieve the certification: the A+ Essentials and A+ Practical Application exams.

Because the A+ certification is ISO 17024 accredited, its exam is updated on a regular basis. Due to changes in certification conditions that were announced in 2010, the A+ certifications will now expire after 3 years. Previously these certifications had lifetime validity. People who are current certificate holders will retain the validity for life, but candidates attempting the certification after December 31, 2010 will have an expiry period of 3 years on their certifications. To date there are more than 700,000 people worldwide who have earned the A+ certification.

The A+ Certification requires 2 exams:
CompTIA A+ Essentials – Exam 220-801
CompTIA A+ Practical Application – Exam 220-802

Each exam consists of 100 questions and the duration for each exam is 90 minutes. The passing score on a scale of 100 – 900 is 675 for the A+ Essentials exam and 700 for the A+ Practical Application.

The exams are currently available in 8 different languages worldwide. The cost of the exams is $168 for each of the two exams, although CompTIA members are eligible for discounts.

The A+ certification combined with CompTIA’s Network+ certification can be used to qualify as an elective exam for Microsoft’s MCSA and MCSE certification.

Exam Topics

The exam objectives are reviewed and revised at regular intervals to ensure that the contents of the certification are current. Due to this reason the following information is not necessarily an exhaustive list of test objectives.

Hardware
Troubleshooting, Repair & Maintenance
Operating System and Software
Networking
Security
Operational Procedure

Sub topics under these main exam objectives include knowledge about IRQs, direct memory access, and practical skills regarding computer repair, which includes the installation and repair of various devices i.e. hard drives, modems, network cards, CPUs, power supplies along with PDAs and printers. The main emphasis of the exam is not theory, but developing practical skills.

 

 



Impact of Today’s Hardware and Software Applications in Cloud-based Environments: Part 1

As an industry, we have been looking at cloud-based technologies both from private and public structure and how best to optimize design, engineer and develop such technologies to better optimize the world of wireless and the Internet of Everything.


But one aspect that has not been discussed at length is how poorly hardware and software perform in cloud-based environments. I want to discuss some of the challenges facing the industry and some potential solutions that can help create and bring a new revolution to the world of Wide Area Networks (WAN), along with the automation of practically every human-to-human and human-to-machine interface.

Currently, there are two technologies being discussed in almost every seminar or white paper being published—software defined networking (SDN) and network function virtualization (NFV). While these vary in structure by different vendors, clearly, all of them attack certain aspects of the mobile carrier network or Tier 1 landline networks. Let me give you my two-cents on what these technologies must address:

SDN must create a more agile network with the development of an open northbound interface. This becomes an enabler for service providers (SPs) to reduce time-to-market for service introduction, reduce capex unit cost by focusing network elements (NEs) to just move traffic, and reducing opex unit cost for network services that take significant human capital cost to deliver, such as establishing protection and restoration or provisioning new connectivity services.

NFV must enable SPs to provide new services, and hence, new incremental revenue, by replacing dedicated hardware/software located on the customer premise, e.g., DVR, storage, firewall and others.

Cloud computing, on the other hand, must enable enterprises to leverage shared and scalable computing resources, hardware and software to impact their capex and opex unit costs.

These promises are expected to deliver much better total cost of ownership (TCO) with lower opex and in essence support moving to a hardware-agnostic or independent model, offering further savings.

About a decade ago, I predicted that the battleground in the 21st century would be all about software and not hardware. Although hardware is needed, it is the role of software to optimize all five functions above using new state-of-the-art technologies such as SDN and NFV.

The problem that can become very complicated is that enterprise customers’ networks and appliances are not designed for multiple tenants, pay-for-play or on-demand services. However, SDN and NFV are fundamentally designed for such functions. That means that it is imperative for CXOs to sponsor corporate-wide programs to move into SDN and NFV, offering capabilities to drive higher revenues while competing for device replacements at the network margins from mobile access points up to wireline or Wide Area Networks.

SDN, by itself, is not really a new technology and has been in existence since 2006. It has been used mainly to improve data center performance, since the concept of big central offices with large Class 4/5 switches is pretty much obsolete in the 21st century.

But SDN has a long way to go to deliver an agile network. Today’s management of transport networks does not match the agility of the cloud-based services being deployed on them. These two have to converge to bring the transport agility into the 21st century for service delivery. Why should it take weeks and months to establish a new enterprise customer on an SP network? Why should it take weeks to provision high-speed point-to-point connectivity with specific protection requirements? SDN has yet to deliver just that.

NFV, in contrast, was introduced between 2010 and 2012 to operators in order to improve service time-to-market and network flexibility and allow a smooth transition to the cloud with significantly lower opex. In my view, the sky is the limit on NFV. For any onsite services (e.g., storage, firewall and DVR), whether today or in the future, NFV gives SPs the opportunity to deliver both consumers and enterprises major benefits, such as having a turn-key solution that lowers costs and improves quality of service (QoS).

The initial applications of SDN and NFV have changed greatly over the past few years. SDN focused mainly on cloud orchestration and networking, while NFV focused on IP-based protocols and capabilities such as DNS, DHCP, DPI, firewalls, gateways, and traffic management.

From my perspective, I believe NFV has already taken over Layer 4-7 of the SDN movement by delivering lower capex and cycle time, creating a competitive supply of innovative applications by third parties and introducing control abstractions to foster innovations that carriers need in order to compete with all over-the-top players.

Let’s also note that the new world requires openness in almost every API layer of the network from access to the core. The issue is legacy systems and processes that need to be changed in order to adapt to the new world of SDN and NFV.

Nowhere is this more critical than the mobile and Tier 1 landline carriers.

In essence, these sectors need to change all analog processes using legacy systems into digital processes, in which NFV can easily fit. That transition may take years, if not a decade, before it is fully implemented.

But the question is whether MNOs and Tier 1 carriers can wait that long to implement NFV and get the most optimized set of solutions in order to compete globally.

My guess is no, they cannot wait and stay competitive. The transition to NFV can be done more quickly, and I’m going to tell you how.



7 tips for older programmers joining startups

In the grand scheme of things, 40-something isn’t considered old. But anything beyond 20-something is often considered old in that stereotypical bastion of fresh-out-of-school youth – the startup. Joining a startup can give seasoned programmers a new jolt of energy and excitement, but can also cause them concern over trying to bridge the generation gap with their new, younger colleagues. A number of programmers, of all ages, recently shared advice on Slashdot for older developers considering joining startups. Here are 7 tips they gave for you more seasoned developers to keep in mind when joining a startup.

Act your age
Just because you’re joining a company full of 20 year-old developers with no family obligations who like to socialize a lot, doesn’t mean you have to try to match their partying ways. Act your age and let your work speak for itself.
“You’re there to do a job, not be a frat buddy.” minkie
“… you will be respected for your technical expertise and not for any foolish attempt to ‘fit in’ bar hopping with super-annuated adolescent co-workers.” pigiron
“If the company succeeds, those events will go away, and you’ll fit in; if they don’t go away, the company will fail, and you won’t need to worry about that problem anymore.”

Don’t isolate yourself
While you shouldn’t try too hard to fit in socially with your younger colleagues, you also shouldn’t isolate yourself. Taking part in the occasional group activity can help make you feel part of the team.
“I definitely don’t participate in all the extracurricular activities, but I do join in enough to stay part of the scene.” dhaines
“Cultural activities can be had that don’t have to interfere with your WLB (work-life balance).” Anonymous
“Make time to show up for a few of the more innocuous extracurriculars even though you have a family. You don’t have to go to the strip club, but a couple of drinks and a round of pool won’t kill you.” Anonymous

Work smarter, not harder
Don’t fall into the stereotypical startup trap of regularly working crazy hours. Use your experience to do your work in a reasonable amount of time so you can still have a life with your family. You’ll be happier and the youngsters just may learn a thing from you about working efficiently and having a life away from work.
“… being more experienced, professional and efficient makes up for long hours.” Anonymous
“Use your maturity to avoid being the 16 hour per day programmer.” Anonymous
“I would rather have a guy who is excited, happy and engaged, outdoing the younger kids and showing how it gets done, all while having that WLB (work-life balance).” Anonymous

Be upfront about your needs
Before even joining a startup, try to get a sense for the company culture and whether it would be a good fit for you. Be upfront about your family commitments and make sure that the company will be accepting and supportive of your needs.
“Setting office hours clearly helps. IE, I will always be there by nine, and I won’t take meetings after 4pm (my personal plan).” Anonymous
“You don’t want to be the bottle-neck on a critical release cycle because of family commitments, so sharing your schedule and setting fair expectations on when you can work is important.” Wrexs0ul
“If you feel that the company’s culture won’t be accepting of your needs, run away.” Sheepless

Share your wisdom
Don’t be afraid to share the wisdom you’ve gained through your years of experience. Use it to provide guidance and to mentor younger developers who will, most likely, appreciate it.
“You will have insight into problems that the 20 somethings will never have. That is nothing to be shy or ashamed of.” crispytwo
“Come in as the voice of wisdom and experience. It’s useful!” Lally Singh
“… I took the opportunity to become a mentor for the young guys. It’s worked very well.” Anonymous
“They will appreciate the times when someone comes up with a bad idea that looks good, but you can say ‘I’ve seen this before, here’s what happened…’” Strudelkugel

Respect your younger coworkers
Don’t shy away from being the voice of experience with younger coworkers, but make sure you do so in a way that won’t alienate them. Remember what it was like when you were their age and how you would have liked to be treated.
“Remember that they’re young, not stupid (at least most of them)- show them why they’re wrong politely and show them why your way is better respectfully.” AuMatar
“Make use of teachable moments while not talking down to them.” Anonymous
“Respect them (the younger employees). Nobody wants to be made to feel stupid. Do not look down your nose at them.” Anonymous

Focus on the work
In the end, just remember that you were hired to do a job. Focus on doing that to the best of your abilities and odds are that all will be well.
“… I think as long as you do your job right with the right attitude, you’re doing your job and that’s what matters most.” Anonymous
“Be excellent. That’s why they’re going to hire you.” larwe
“… focus on the work, be engaged and open-minded, and you’ll be fine.” cbybear
“Be yourself, kick butt, take names.” samantha



Security Manager’s Journal: Taking steps to better lock down the network

Our manager decides that, like users, resources on the network should adhere to the rule of least privilege.

The resources on our network have been given too much access to the Internet, and we need to curb that.

At issue: Servers and other resources on the network have unhindered access to the Internet.

Action plan: Assemble a team to assess the situation and make recommendations.

One of my primary security philosophies is the rule of least privilege, which can be defined as the practice of granting only the minimum amount of access necessary to get work done. Typically, the rule is met by defining role-based access to applications or data, but I extend this philosophy to all areas of business. This week, I prepared to apply the rule to resources on our network.

Consider production Web servers. They serve up Web pages to the public, so you would expect them to accept requests from the Internet. But what access is needed in the other direction? Should an administrator conducting maintenance on the server be able to use it to access his Yahoo email, Facebook or (shudder) Dropbox? In fact, except for a very small portion pertaining to business-related activity, the vast majority of the Internet should be unavailable from that Web server.

I decided to have my security engineers work with the network team to explore this issue and start to prioritize the work we would need to do. I had them focus on four areas.

The first is the production server network, which includes our DMZ, production and test (preproduction) networks. When you get right down to it, those servers need very little access to the Internet. And many security breaches are successful because a server was able to initiate a connection to a command-and-control server or some other malicious location on the Internet. Our firewalls currently allow virtually any traffic originating from the production network to the Internet. That has to be curtailed.

The next area is our R&D network. Servers on that network also have little reason to initiate a connection to the Internet, but the engineers who work in R&D need to innovate, so I’m willing to be a bit more flexible. Those same engineers, however, constantly complain that patching and antivirus software cause performance to deteriorate, and they refuse to comply with our requirements. Because of this, we isolate the R&D network from the rest of our network.

The third area is our corporate network, or what some call the PC network, since it’s reserved for all our PCs. We can’t completely lock it down, since we give a good deal of latitude to employees when it comes to accessing the Internet. Nonetheless, we can put some things out of bounds, and so we reviewed our firewalls’ ability to block certain categories of websites and applications that could lead to problems for legal, HR or security. We already block pornography, malware and spyware sites. We will be adding phishing sites, anonymizers (which employees use to bypass our filtering), peer-to-peer sites, remote control services (such as LogMeIn), parked domains (Internet domains with no services) and personal file storage.

Finally, there’s our critical zone, the area of the production network that contains our most critical resources. Currently, we allow all corporate traffic to this area of our network, when in reality, employees mostly need merely to have Web access. Now that we’ve incorporated user identity into our firewalls, we can create rules based on who you are and restrict administrative access to our critical resources to those administrators who need it.

Simple, right? Just configure the firewalls and block traffic. Unfortunately, in order to implement all of the changes I’ve mentioned, we have to conduct a business impact analysis, since we can’t afford to make changes that affect our ability to deliver products or services. Therefore, the next course of action is to study the current network traffic to understand any valid business requirements before executing the plan.
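The traffic study described in the last paragraph, sketched as an added example (not part of the original column): it replays outbound flow records against a proposed per-zone egress allowlist and lists what a default-deny rule would block, so each destination can be checked for a valid business need before the firewall change. The subnets, hostnames, allowlist and log format are all constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumed zone layout (hypothetical subnets, not from the article).
ZONES = {
    "production": ipaddress.ip_network("10.10.0.0/16"),
    "rnd": ipaddress.ip_network("10.20.0.0/16"),
}

# Proposed egress allowlist per zone as (destination host, port).
# Hypothetical entries standing in for the "very small portion" of
# business-related destinations a server actually needs.
PROPOSED_ALLOW = {
    "production": {("updates.vendor.example", 443), ("ntp.pool.example", 123)},
    "rnd": {("updates.vendor.example", 443), ("code.partner.example", 443)},
}

# Constructed sample of exported firewall flow records (outbound only).
SAMPLE_LOG = """\
time,src_ip,dst_host,dst_port
2014-07-21T02:00:01Z,10.10.4.21,updates.vendor.example,443
2014-07-21T02:00:07Z,10.10.4.21,ntp.pool.example,123
2014-07-21T09:14:32Z,10.10.4.21,mail.webmail.example,443
2014-07-21T09:15:02Z,10.10.4.22,mail.webmail.example,443
2014-07-21T11:40:12Z,10.10.7.5,api.payments.example,443
2014-07-21T11:41:12Z,10.10.7.5,api.payments.example,443
2014-07-21T11:42:12Z,10.10.7.5,api.payments.example,443
2014-07-21T13:05:44Z,10.20.1.9,code.partner.example,443
2014-07-21T13:06:10Z,10.20.1.9,files.storage.example,443
2014-07-21T14:00:00Z,192.0.2.77,updates.vendor.example,443
"""


def zone_of(ip_text):
    """Return the zone name whose subnet contains ip_text, or None."""
    ip = ipaddress.ip_address(ip_text)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return None


def parse_flows(text):
    """Parse CSV flow records, skipping rows with a bad address or port."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        try:
            src = str(ipaddress.ip_address(row["src_ip"].strip()))
            port = int(row["dst_port"])
        except (ValueError, KeyError, AttributeError, TypeError):
            continue
        flows.append({"src": src, "dst": row["dst_host"].strip().lower(), "port": port})
    return flows


def review_egress(flows):
    """Group flows the proposed policy would block, per zone.

    Returns (report, unknown_sources). report maps zone -> list of
    (dst_host, dst_port, flow_count, sorted_source_ips), busiest first.
    unknown_sources lists source IPs that fall in no defined zone; those
    need a zone assignment before any rule can be written for them.
    """
    hits = defaultdict(lambda: {"count": 0, "sources": set()})
    unknown_sources = set()
    for f in flows:
        zone = zone_of(f["src"])
        if zone is None:
            unknown_sources.add(f["src"])
            continue
        if (f["dst"], f["port"]) in PROPOSED_ALLOW[zone]:
            continue  # already covered by the proposed rule set
        entry = hits[(zone, f["dst"], f["port"])]
        entry["count"] += 1
        entry["sources"].add(f["src"])

    report = defaultdict(list)
    for (zone, dst, port), e in hits.items():
        report[zone].append((dst, port, e["count"], sorted(e["sources"])))
    for rows in report.values():
        rows.sort(key=lambda r: (-r[2], r[0], r[1]))
    return dict(report), sorted(unknown_sources)


if __name__ == "__main__":
    report, unknown = review_egress(parse_flows(SAMPLE_LOG))
    for zone, rows in sorted(report.items()):
        print(f"[{zone}] would be blocked by the proposed policy:")
        for dst, port, count, sources in rows:
            print(f"  {dst}:{port}  flows={count}  sources={', '.join(sources)}")
    print("sources outside any zone:", unknown)
```

A repeated destination from a single server, like the constructed payments API here, is the kind of entry to take to the application owner; one-off webmail or file-storage hits from several servers are the administrator browsing the column wants to end.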



Richest CEO and pay raises 2013

Which tech leaders received the most generous pay hikes in 2013?

Avaya CEO Kevin Kennedy got a fivefold pay increase last year. Sprint more than quadrupled Dan Hesse’s package. Which other tech CEOs saw dramatic pay jumps in 2013? We examined 62 tech CEOs’ total compensation — including salary, bonuses, stock awards, and perks — and found 10 who landed the biggest raises.

Kevin Kennedy
CEO and president, Avaya

Percentage-wise, Kevin Kennedy’s raise is the most jaw dropping at 454%. His $7.4 million compensation was more than five times the value of his 2012 pay, which came in at $1.3 million. The dollar amount difference is slightly more than $6 million. Kennedy’s 2013 pay package included his $1.3 million salary, $3.2 million in bonuses, stock awards valued at $2.6 million, and $17,571 in perks and other compensation. In 2012, Avaya didn’t give any equity awards or cash bonuses to Kennedy.

Dan Hesse
CEO and president, Sprint
By dollar amount, Dan Hesse’s raise blows away that of any other tech CEO. His 2013 pay package, worth $49.1 million, was nearly $38 million more than what he made a year earlier ($11.1 million). The difference is due to a giant grant of restricted stock and options awards — valued at a combined $34.1 million at the time they were granted. The Sprint CEO’s total package also included a $1.2 million salary, $13.4 million bonus, and $372,078 in perks and other compensation.

Thomas Richards
CEO, president and chairman, CDW
Thomas Richards, the head of CDW, saw his pay nearly double last year, spiking from $3.2 million in 2012 to $6.3 million in 2013. Richards’ total compensation included his $793,779 salary, $1.2 million bonus, option awards valued at $2.4 million, $266,204 attributed to non-qualified deferred compensation earnings, and $1.6 million in perks and other compensation.


John Chambers
CEO and chairman, Cisco
An 80% raise boosted John Chambers’ compensation above $21 million last year. In 2012, the Cisco CEO received $11.7 million. The biggest gains came in the form of stock awards valued at $15.2 million (compared to $7.3 million in 2012). Chambers also received a $4.7 million cash bonus, and his salary rose from $375,000 in 2012 to $1.1 million in 2013.

Alain Monié
CEO, Ingram Micro
Alain Monié’s compensation was fairly consistent from 2012 to 2013 — with one $5 million exception. His total pay in 2013 included his $876,923 salary (compared to $840,501 a year earlier), $1.4 million bonus (down from $1.6 million), stock awards valued at $5 million (up from $4.5 million), and $23,813 in perks and other compensation (compared to $34,169 in 2012). The big difference is an additional grant of option awards, valued at $5 million. The year before, Ingram Micro didn’t grant any option awards to Monié.

Jerry Kennelly
CEO and chairman, Riverbed
A jump in stock awards drove up Jerry Kennelly’s 2013 compensation, which was valued at $12.8 million. A year earlier, Riverbed’s CEO received $8 million. Kennelly’s 2013 pay included his $750,000 salary (up from $650,000), $751,853 bonus (up from $568,399), and stock awards valued at $11.3 million (up from $6.8 million in 2012).

Sanjay Mehrotra
CEO and president, SanDisk
A 60% raise — largely in the form of a cash bonus — brought Sanjay Mehrotra’s total pay up to $10.6 million last year. In 2012, the chief exec and co-founder of flash storage maker SanDisk received $6.7 million. Mehrotra’s 2013 package included his $946,134 salary (up from $880,769); $3.1 million bonus (up from $661,500); stock awards valued at $3.2 million (up from $2.4 million); option awards valued at $3.3 million (up from $2.7 million); and $100,218 in perks and other compensation.

John McAdam
CEO and president, F5

Last year delivered a $3 million boost for John McAdam, CEO of application delivery specialist F5. His 2013 pay package, valued at $8.3 million, included his $817,636 salary, $897,196 bonus, and stock awards valued at $6.5 million (up from $3.8 million a year earlier). In 2012, McAdam received a $5.2 million pay package.

James Bidzos
CEO, president and chairman, Verisign
Verisign boosted James Bidzos’ pay by 46% last year, with the gains showing up primarily in his bonus and equity awards. In 2013, Bidzos received $8.5 million, which included his $752,885 salary, $957,750 bonus (up from $593,550), and equity awards valued at $6.8 million (up from $4.5 million in 2012). In 2012, his pay was $5.9 million.

Shantanu Narayen
CEO and president, Adobe
A 31% raise drove Shantanu Narayen’s compensation up to $15.7 million last year. A year earlier, he made $12 million. His total package included a $941,667 salary, $1.6 million bonus, and $19,211 in perks and other compensation. Narayen also received stock awards valued at $13.1 million. That’s where he made the biggest gains; a year earlier, his equity awards were valued at $9.7 million.


The World’s Best (and Worst) IT Cities to Work and Play

Despite all the economic and political strife in the world, the globe-trotting techie still has opportunities to work at home and abroad, and even to take in an adventure! For every hot spot, however, there’s an evil twin nearby. Here are some cities that should tickle the traveling bone of IT pros, as well as cities in the same country to steer clear of.

Brazil’s Best: Sao Paulo
Sao Paulo is a city on high-tech’s fast track, specifically the emerging area known as Brooklin. Who’s in Sao Paulo? AT&T, Microsoft, Samsung, Oracle, Hewlett-Packard, to name a few. Sao Paulo’s favorite tech son is Mike Krieger, co-founder of Instagram, the picture-sharing app that Facebook just bought for $1 billion.

Brazil’s Worst: Sao Paulo Slums
You don’t have to venture far from the booming central city of Sao Paulo to find the worst places. Sao Paulo has some of the largest slum populations in South America. We’re talking shanty towns made of cardboard and wood and the occasional concrete wall. It’s a tale of two cities.


Germany’s Best: Munich
Here are some cool stats about Munich: It’s the third largest city in Germany, plays host to many large companies (BMW, Siemens, Allianz) and has one of the largest communities of programmers. Even better, Munich has a buzzing nightlife and is well-known for its breweries and tasty white sausage.

Germany’s Worst: East Berlin in the ’80s
We’re going back in time before President Ronald Reagan told Russian leader Mikhail Gorbachev to “tear down this wall.” The Berlin Wall, built in 1961, became a symbol of communism. Living in East Berlin up until the late ’80s was an oppressive, Orwellian experience. Thankfully they tore down that wall in ’89.


France’s Best: Paris
Paris is one of the great cities in the world and should be on the short-list for job destinations. There is so much to do: spending leisure time in a cafe, gazing at the Eiffel Tower, touring the cathedral of Notre-Dame. Of course, we’re not all that sure about the technology scene. Our guess is it’s a bit insulated, given the many years France spent pushing its own version of the Internet, called Minitel.

France’s Worst: Rest of France
Quick, name another major city in France you’d want to visit.


China’s Best: Beijing
No global list would be complete without a city in China, which is well on its way to becoming the country capital of the world. The tech capital in China is Beijing, home to a wealth of tech talent, venture capital and the acclaimed Tsinghua University. If Beijing isn’t your thing, try Hong Kong. A couple of years ago, Forbes called Hong Kong China’s next tech hub.

China’s Worst: Linfen
A few years ago, CIO.com put together a slideshow of the Worst Cities to Work in IT: International Edition. Guess what city topped the list? Answer: the coal-producing center of Linfen, China. Combine coal, air and people, and you get one of the most polluted cities in the world.


England’s Best: London
London’s calling! This is the place to be if you’re looking for tech work abroad. Check out London’s major tech locale, Tech City/Silicon Roundabout. “Despite our investors being in Silicon Valley, I came here because all of our customers have a strong presence in London,” says American ex-pat Rob Fitzpatrick, founder of startup FounderCentric.

England’s Worst: Nottingham
A few years ago, think tank Reform ranked Nottingham as the most crime-ridden major city in England and Wales. Apparently, the evil Sheriff of Nottingham got the last laugh on Robin Hood. Most recently, a dozen men and two youths were sentenced for rioting last summer, which included firebombing a police station. And you thought Sherwood Forest was dangerous.


UAE’s Best: Dubai
Dubai is the world’s richest dream destination rising out of the desert. You can venture onto a man-made island in the shape of a palm tree, snow ski in a hotel while the sun beats down outside, and work in some of the most modern facilities. We hear the nightlife is pretty exciting, too.

Dubai’s tech scene, Internet City, is the largest information and communication technology business park in the Middle East.

UAE’s Worst: Dubai
Then there’s the ugly side of Dubai. Despite its modern wonders, Dubai is steeped in cultural tradition. American expatriates can land in jail for all sorts of minor transgressions: kissing or holding hands in public, swearing or making rude gestures, driving with any amount of alcohol, wearing revealing clothing at places other than the beach, etc. Be careful, techies.


Ireland’s Best: Dublin
Earlier this year, Microsoft began investing an additional $130 million in its data center in Dublin. Computer training schools have also popped up. Dublin is fast becoming one of the most exciting tech pubs, errr, hubs. Great, now we’re craving a pint of Guinness.

Ireland’s Worst: Belfast
The Belfast “Good Friday” agreement of 1998 ended the Troubles in Northern Ireland, yet there are still occasional outbreaks of violence. Most folks will tell you Belfast is perfectly safe, citing low crime rates and friendly people. Then again, Belfast is the birthplace of the Titanic. How much bad luck can one place have?


United States’ Best: Silicon Valley
Let’s start with the homefront. If you’re a techie who wants to be in the center of the high-tech universe, there’s only one place to be: Silicon Valley. It’s the home to Apple, Google, Facebook, Oracle, Intel, and where venture capitalists along Sand Hill Road fuel great ideas. Oh, there’s also a nice little city to the north called San Francisco.

United States’ Worst: Middle of the Hatfield-McCoy Feud
If you watched the History Channel’s recent “Hatfields & McCoys” miniseries starring Kevin Costner and Bill Paxton, you’ll know that the Tug Fork off the Big Sandy River separating West Virginia and Kentucky isn’t the safest place to be. You can get shot just for having the wrong name.


Australia’s Best: Sydney
Sydney and Melbourne are the two largest cities for IT in Australia. Actually, they’re the only cities in Australia. (Just joking, mate!) We’re going with Sydney because of its hot tech startup scene, venture capital, good bars, and lots of cool architecture. Check out Sydney’s Super Digital Precinct. Sydney is to software what Melbourne is to bio-tech.

Australia’s Worst: Great Barrier Reef
The Great Barrier Reef is a SCUBA diver’s paradise — that is, until the man in the white suit shows up. When this happens, you don’t want to be anywhere near the water. News reports of swimmers getting attacked by great white sharks in the Great Barrier Reef are becoming more common.



Salaries for the 20 hottest tech jobs

Unemployment rates in the IT industry remain low. That’s good news for you because it means to compete for top tech talent, companies are offering higher salaries.

Quality Assurance Engineer
What it pays: $100,000 to $120,000

Quality control testing is crucial to ensure speed-to-market and security of software solutions and applications. Cirri says Mondo’s clients are most interested in candidates with experience in Selenium, QuickTest Pro (QTP) or Cucumber solutions, but that any candidate with QA experience is in great demand.

Systems Engineer
What it pays: $100,000 to $125,000

Systems engineers used to be restricted to administration and management of systems and server operating systems, but Cirri says Mondo’s clients are increasingly looking for programming and scripting experience, as well.

“It used to be that systems engineers would only administer an OS and maybe have some role in disaster recovery,” Cirri says. “But now, individuals with stronger coding and/or scripting experience are commanding salaries toward the higher end of this range,” he says. In addition to standard administration skills, Cirri says a knowledge of Linux, UNIX, virtualization tools like VMware and Citrix as well as scripting languages are mandatory.

C# / .Net Developer
What it pays: $90,000 to $125,000

There’s still a huge demand for developers with C# and .Net experience, Cirri says. “Our clients are still looking for folks with this kind of experience, but those candidates that also have Windows Communication Foundation (WCF) or Windows Presentation Foundation (WPF) experience can go even higher; to the tune of between $130,000 and $150,000,” Cirri says.

User Experience/User Interface Developer
What it pays: $110,000 to $130,000

User experience and user interface design are hot areas for both software companies and those in marketing and retail, says Cirri. While any experience with UX or UI is valuable, he says mobile device experiences can push candidates to the higher end of this salary range.

Drupal Developer
What it pays: $100,000 to $130,000

Drupal developers were all the rage in 2013, says Cirri, and while demand has slowed somewhat in 2014, Mondo’s government clients are increasingly demanding developers with Drupal skills.

“Our clients are asking for developers with both PHP language experience and specific APIs within the Drupal platform,” Cirri says. “The federal government is one of the clients that’s increasing its demand for Drupal, and that’s where a lot of the demand is coming from,” Cirri says.

PHP Developer
What it pays: $90,000 to $125,000

PHP developers are still needed, Cirri says, especially as the IT industry focuses on open source solutions as well as scripting of applications and sites. PHP developers can command salaries in the range of $90,000 to $125,000 in the New York region, Cirri says.

Big Data Engineer
What it pays: $125,000 to $145,000

Another big data role that’s gaining traction is big data engineer, says Cirri. These roles build on candidates’ experience with data warehousing, and Cirri says the most common platforms clients want are Hadoop, Netezza and Cloudera. “This is a great role for current data warehousing pros who are building their skills to incorporate big data,” Cirri says. “This is a case where the skills needed are not necessarily new, but the ways those skills are applied certainly is.”

DevOps
What it pays: $135,000 to $170,000

Walking the fine line between IT and business is what DevOps is all about, says Cirri, and developing open and productive communication between technical and line-of-business departments is a critical skill. DevOps professionals can have a variety of skills, both technical — programming, networking, software development — and soft — communication, marketing, sales, negotiation — and the more experience these pros have in either or both areas, the higher salary they can expect.

Project Manager
What it pays: $110,000 to $150,000

There’s no shortage of demand for project managers, and the number of skilled PMs in the market just isn’t sufficient, says Cirri. “Project managers are in short supply and high demand, and they always will be,” he says. “With the need to understand and implement the latest and greatest technology like Salesforce, new security platforms, mobile applications – we don’t think PMs will ever lack for high-paying positions.”


How far are you willing to go to spy on your employees’ smartphones?

mSpy monitoring service/app tracks lots of data, but is it too snoopy?

The scoop: mSpy mobile phone monitoring service/app, starting at $40 per month (as tested, features would cost $70 per month)

What is it? The ultimate eavesdropping solution for people who want to see what their employees, kids or spouse are doing on their Android (or jailbroken iPhone) smartphone. The service can track what phone numbers are being called, the recipient and contents of text messages, what photos, videos and audio recordings they’re taking, what web sites they’re visiting, and what emails they’re sending. You can also block the smartphone from visiting specific web sites, block specific applications, and monitor other apps (Skype, WhatsApp, Facebook and Viber).

Why it’s cool: The vast amount of things that the app/service can monitor is quite impressive, if not totally complete (for example, you can’t see any incoming MMS message, so the off-color photo your daughter receives from the boyfriend won’t be detected). Features that the service offers — including device wipe, app/site blocking and incoming phone call blocking — are usually only seen on enterprise-level mobile device management (MDM) products/services. Seeing a service like this target consumers and (more likely), small-to-midsize businesses is an interesting trend.

Some caveats: We had difficulty hearing our recorded phone calls (all we got was static rather than a recording); the location tracker seemed to utilize the cell phone towers for location, not the device’s GPS function (it took some time for the system to discover where the phone was located). The folks at mSpy said the likely culprit was an older version of the software on our test Android phone – but instead of an over-the-Internet firmware/app update, they said they’d have to update the phone in person (a paying user would likely have to physically update the app on the phone as well).

The bigger issue/problem for users is whether you want or need this amount of monitoring of your mobile devices. This is major spying / monitoring territory that you’re entering here – being able to see exactly what the smartphone user is doing with their phone. Whether it’s your employee, your child or your spouse/partner, the issue of trust comes up with software like this. Even though mSpy says on its site that “My Spy (mSpy) is designed for monitoring your employees or underage children on a smartphone or mobile device that you own or have proper consent to monitor,” and “You are required to notify users of the device that they are being monitored,” there’s a big chance that the user will forget about this at some point, and the boss/parent/spouse/partner will end up seeing something that they might not want to see. It’s a level of privacy invasion that I’m not comfortable doing with my wife and kids (maybe I’ll feel different when my kids get older), and I’d have doubts about having IT staff doing this with employees. If you have any doubts about what the app/service can do or is aimed at, type in mSpy in YouTube search and see that the second video is called “How I caught my boyfriend cheating using mSpy”.

The second issue is the cost. At $40 per month (the starting level, the features we tested would cost $70 per month), this service is cost prohibitive for a large majority of consumers, as it approaches (or even exceeds) the cost of a monthly phone service plan. However, mSpy does offer a 10-day refund policy, so maybe you can use the service for nine days to see what your spouse/child/employee is doing, and then cancel the service.


 


The Transition from PSTN to VoIP: More Regulatory Questions than Answers

We touched briefly on some of the regulatory issues surrounding the PSTN transition to an all-VoIP network in a previous edition, and had a chance to follow up our initial coverage with Greg Rogers, the Deputy General Counsel at Bandwidth. Though many of you may not have heard of Bandwidth, you have probably used their products before, since they offer wholesale telecom services to companies like Google, Skype, Vonage, and Republic Wireless. Bandwidth started off as a CLEC, and as one of the CLECs that was a “last mover” to IP, they have had the advantage of building cutting-edge unified communications services, also supporting over the top (OTT) VoIP.

Rogers noted that the FCC is wrestling with a range of issues about if and how they should regulate VoIP, with new services and platforms creating more questions than answers. Looking back at the early days for Vonage, one of the first debates was whether Vonage should support E-911 services, an issue that also was debated as a mandatory feature for the first IP-PBX callers. Eventually everyone agreed that E-911 had to be supported over VoIP, offering caller locations to local emergency services agencies. Naturally this is one feature that will also be mandatory when the PSTN is replaced by a VoIP infrastructure. Similarly, the Communications Assistance for Law Enforcement Act (CALEA) must be supported.

What is less clear is how to regulate text messages. The FCC would like to see emergency service agencies support text as a way to contact 911. While this may seem extraordinary, it is one very useful way for hearing-impaired individuals to contact 911. Location services needed by 911 can be straightforward if the text message is generated by a wireless phone that has an assigned phone number, but how can location accuracy be guaranteed if the text message is generated by an app that is not interconnected to a phone?

What is also unclear is what regulators should do about consumer protections in a post-PSTN world. In the days of incumbent local exchange carriers (ILECs), multiple regulations protected consumer privacy. Should similar privacy protections be guaranteed by regulation, and how can enforcement be provided to protect against inexperienced or unethical operators who might provide nothing more than a voice app for VoIP callers?

Other questions:

· Should regulatory agencies step in to standardize routing practices that offer quality of service guarantees?

· Is voice over LTE (VoLTE) calling an application that rides over wireless broadband, or is it a phone call?

· Should WebRTC services also support 911 connectivity?

· How should the FCC classify these calls, or should they even have jurisdiction to classify a VoLTE or peer-to-peer WebRTC session?

We know that last week, the FCC issued a new set of guidelines about net neutrality, so they are pretty busy considering how to fairly regulate technology on many fronts. But we also know the day is coming soon when legislators and regulators must address public policy for VoIP and unified communications – and that could make net neutrality look like “easy street.”

Our thanks to Bandwidth and to Greg Rogers for taking the time to highlight some of the regulatory challenges.


 


Enterprises want their own clouds amid IT fears, HP says

Hewlett-Packard hopes its focus on private clouds, and its power and capital in the field, can convince enterprise IT executives that it can provide a safe way to enter the fray.

Three years after it vowed to become a leading cloud vendor, HP on Wednesday unveiled Helion, a set of products and services designed to help companies set up private clouds, and disclosed that it’s using OpenStack, a NASA-derived open source cloud operating system.

HP executives yesterday also committed to investing more than $1 billion over the next two years in research and development to extend the Helion portfolio, and to build new cloud data centers and staff them.

“We are living in a period of enormous change,” HP President and CEO Meg Whitman told reporters yesterday. “Open source is enabling an entire industry to build solutions that solve problems. The result is something that is more flexible and secure than any company could deliver alone.”

HP is taking aim at Amazon, Google, IBM and Microsoft, corporations that are already strong cloud companies. The company says its focus on private clouds, and thus on security for big companies that want to take advantage of the cloud’s scalability and additional features while handling and looking after their own data, will provide a competitive edge.

At this point, there are plenty of vendors that can help companies build their own cloud systems, but most are small, new businesses. HP believes it has an advantage as an established tech giant. But for now it’s a large player in a still relatively small pool.

“Server huggers will be involved in this,” said Gartner analyst Lydia Leong, referring to “those organizations that desire to construct and run things themselves. IT administrators may include objections to the civic cloud. They don’t trust what they don’t control. There are reasons to build it yourself.”

By spending $1 billion on its cloud effort, HP is clearly gearing up to be a major player, though established cloud vendors like Google and Amazon have been investing that kind of money, and more, for some time now.

Jeff Kagan, an independent industry analyst, said HP’s $1 billion investment is probably only 20% to 25% of what Google and Amazon are investing every year in their cloud businesses. Nonetheless, he said the HP cloud plan could be a threat to those organizations.

“It’s a threat to everybody,” said Kagan. “Every move that every competitor makes at this point is a risk because you don’t know who will be top a year from now or 5 years from now. There are a lot of organizations getting in the cloud.”

“This is a matter of what do organizations want? Do they want to set it up on their own? Do they want to just rent space and have someone else take care of it? There’s no right or wrong. It’s just a different approach,” he added.

A lot of companies will base their decisions on which solution can significantly cut their anxiety about cloud computing performance, security and other issues.

A recent study by IHS showed that 73% of IT executives think cloud providers are beating performance issues.

“The enterprise IT folks are being very, very cautious about their migration to the cloud,” Jagdish Rebello, an analyst with IHS, recently told Computerworld. “They see the cost benefits but when they look at reliability and security, there is essentially a fear of going there wholeheartedly.”

HP hopes those IT executives will show a big interest in going to a cloud they can control.

“I think the big companies, mainly the Fortune 500s, will be looking at this architecture,” Rebello said today. “It’s a play for them to go into the personal cloud. They’re worried about the security of their data being on somebody else’s servers, so they are going to be paying more attention to the private cloud.”

“This is a different play into this bazaar, as opposed to what Amazon or Google quoted. If you look at this market you see HP trying to reinvent itself,” Rebello added.

For any enterprise IT shop, the private cloud can offer advantages. The business controls its own security with a private system, and IT knows exactly where its data is sitting. The IT organization has complete control of the systems.

A private cloud, however, will also need regular investment, noted Rebello. The owners will have to hire people to run it and will be responsible for system upgrades, virus protection and other security issues, and for any other major problems when they happen.

“It’s a question of control versus cost,” said Rebello.

He did note that HP’s use of OpenStack should make the offering more attractive to IT administrators.

“I think the fact that HP is embracing OpenStack makes the IT guys think that what they create for this system can be migrated to other systems because it’s open source,” said Rebello.

“It’s not proprietary for HP any longer so they can transfer it to other architectures. They see the reimbursement of open source and the payback of having security of a personal cloud and the safety of having a large player like HP serving them with their organizations.”



Heartbleed Bug hits at heart of many Cisco, Juniper products

Cisco, Juniper say to expect security advisory updates related to Heartbleed

The Heartbleed Bug, a flaw in OpenSSL that would let attackers eavesdrop on Web, e-mail and some VPN communications, is a vulnerability that can be found not just in servers using it but also in network gear from Cisco and Juniper Networks. Both vendors say there’s still a lot they are investigating about how Heartbleed impacts their products, and to expect updated advisories on a rolling basis.

Juniper detailed a long list in two advisories. Cisco acted in similar fashion with its advisory.

“Expect a product by product advisory about vulnerabilities,” says Cisco spokesman Nigel Glennie, explaining that Cisco engineers are evaluating which Cisco products use the flawed versions of OpenSSL that may need a patch though not all necessarily will. That’s because Cisco believes it’s a specific feature in OpenSSL that is at the heart of the Heartbleed vulnerability and that it’s not always turned on in products.

So far, Cisco has carved out a list of about a dozen products listed as confirmed “vulnerable” to exploits based on the Heartbleed Bug, plus another list of over 60 products considered “affected” because of OpenSSL but still being investigated. About two dozen products have been confirmed to be “not vulnerable,” as well as the hosted Cisco service called Cisco Meraki Dashboard. Cisco also says its Webex service was vulnerable to the Heartbleed Bug but has been fixed.

This long list made by Cisco is subject to change and updates. At the moment, no specific software security updates have been made available, though that could change at any time. Although the open-source OpenSSL group has issued software updates to patch the Heartbleed flaw, Cisco notes the appropriate process for Cisco products relies on Cisco evaluation and patch updates directly from Cisco.

The Heartbleed Bug is a vulnerability that appears to have existed in OpenSSL for about two years due to a simple coding mistake recently discovered by Google and Codenomicon security researchers and disclosed on Monday.

Cisco found out about the Heartbleed Bug at the same time as everyone else did when the OpenSSL site went public with the information, Glennie notes. Heartbleed is resulting in a staggering amount of ongoing work by Cisco engineers to determine its impact on Cisco gear.

Some security experts, including cryptography expert Bruce Schneier, are describing the Heartbleed Bug as a ‘catastrophic’ flaw because the vulnerable version of OpenSSL can be exploited by savvy attackers to eavesdrop on passwords or steal encryption certificates and keys. Cisco, though, says right now it’s giving Heartbleed a middle-range score on its severity rating scale in terms of Cisco products, noting that might rise in some cases based on specific ways any vulnerable versions of OpenSSL are used in Cisco products.

The main Cisco products now clearly evaluated as “vulnerable” are the Cisco AnyConnect Secure Mobility Client for iOS, Cisco IOS XE, the Cisco UCS B-Series (Blade) Servers, Cisco UCS C-Series (Standalone Rack Servers), Cisco Unified Communication Manager 10.0, Cisco Desktop Collaboration Experience DX650, Cisco TelePresence Video Communication Server, and three versions of Cisco IP phones.

But some Cisco IP phones have already been determined to be not vulnerable. Many other Cisco products are also not vulnerable, including the Cisco Wireless LAN Controller, the Cisco Web Security Appliance, the Cisco Content Management Appliance and the Cisco e-mail security appliance.

Still under investigation are Cisco IOS, Cisco Identity Service Engine, Cisco Secure Access Control Server, Cisco Cloud Web Security, and the Cisco Catalyst 6500 Series and Cisco 7600 Series Firewall Services Module, plus dozens of others. Cisco will be continuously updating these lists based on known determinations of vulnerability, with any fixes needed for Heartbleed suggested in the future.

Juniper didn’t provide a spokesperson to discuss Heartbleed, but issued a statement saying, “The Juniper Networks Security Incident Response Team (SIRT) is aware of the OpenSSL vulnerability impacting the industry and is working round the clock on fixes to address potential risks to some Juniper products.”

Juniper notes it has published an advisory, which lists several vulnerable products, including those based on Junos OS 13.3R1, and Odyssey client 5.6r5 and later. Also vulnerable to Heartbleed Bug issues are the Juniper SSL VPN (IVEOS) 7.4r1 and later, and SSL VPN (IVEOS) 8.0r1 and later. Some products are listed as “fixed.”

Products listed as “not vulnerable” include Junos OS 13.2 and earlier, the non-FIPS version of Network Connect clients, and SSL VPN (IVEOS) 7.3, 7.2 and 7.1. Several other network and security products are also listed as “not vulnerable.” Other Juniper products are listed as under investigation, including Stand Alone IDP, ADC and WL-Series (SmartPass).

In addition to this wide range of network gear impacted by the Heartbleed Bug, some versions of the Android operating system also appear to be subject to Heartbleed, according to mobile security vendor Lookout Security.

Marc Rogers, principal security researcher at Lookout, says so far the security firm has determined that the vulnerable versions of Google Android include only versions 4.1.1 and 4.2.2. The current version of Android 4.5 is not impacted, according to Lookout, likely because the feature causing all the Heartbleed commotion in OpenSSL was not enabled. Lookout has created a tool to let mobile-device users test for vulnerability to Heartbleed.

An Android fix for Heartbleed is something Lookout says it can’t provide but should come from the Android open-source project, which


 


After Heartbleed, Comodo cranks out new SSL certificates

Comodo’s chief technology officer warns it is still very early in the remediation process

Tens of thousands of new digital certificates have been issued by Comodo in the wake of the “Heartbleed” security flaw, which has put Internet users’ data at risk.

One of New Jersey-based Comodo’s main business lines is issuing the digital certificates that encrypt traffic between users and a Web service, a critical shield that protects users from spying by third parties.

Over the last day or so, Comodo has seen a huge uptick in requests for new digital certificates from website operators, said Robin Alden, Comodo’s chief technology officer.

“The last couple of days, we’ve seen replacement rates running at somewhere between 10 to 12 times the normal rate than we were replacing a week ago,” Alden said. “That’s obviously fallout from this.”

The spike comes after the disclosure on Monday of the so-called Heartbleed vulnerability in an open-source software package, OpenSSL, widely used in operating systems, routers and networking equipment.

It is believed the flaw might in some cases allow an attacker to obtain the private key for an SSL (Secure Sockets Layer) certificate. With that private key, an attacker could create a fake website with an SSL certificate that passes the verification test indicated by a browser’s padlock.

The flaw can also be used by an attacker to pull sensitive data in 64K chunks from a Web server, including login information from users who recently used the service.
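A simplified model of the missing length check behind the flaw, added here as an illustration; it is not OpenSSL's code and not part of the original article. The heartbeat length field is two bytes, which is where the 64K ceiling comes from; the `memory` array, the function names and the `SESSION-SECRET` string are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_HEADER 3u   /* 1-byte type + 2-byte payload length */
#define HB_PADDING 16u /* minimum padding required by RFC 6520 */

/* Constructed stand-in for process memory: a short heartbeat request
 * followed by unrelated data that happens to sit next to it. */
static unsigned char memory[64];

/* Lay out a request whose payload is really 2 bytes but whose length field
 * says `claimed`. Returns the true length of the received record. */
size_t build_request(uint16_t claimed) {
    memset(memory, 0, sizeof memory);
    memory[0] = 1;                       /* heartbeat_request */
    memory[1] = (unsigned char)(claimed >> 8);
    memory[2] = (unsigned char)(claimed & 0xff);
    memcpy(memory + HB_HEADER, "hi", 2); /* actual payload */
    size_t rec_len = HB_HEADER + 2 + HB_PADDING;
    memcpy(memory + rec_len, "SESSION-SECRET", 14); /* neighbouring data */
    return rec_len;
}

/* Flawed: echoes as many bytes as the sender claims, ignoring rec_len. */
size_t respond_unchecked(const unsigned char *rec, size_t rec_len,
                         unsigned char *out) {
    (void)rec_len;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    memcpy(out, rec + HB_HEADER, claimed);
    return claimed;
}

/* Fixed: silently drop any request whose claimed payload plus header and
 * padding does not fit inside the record that actually arrived. */
size_t respond_checked(const unsigned char *rec, size_t rec_len,
                       unsigned char *out) {
    if (rec_len < HB_HEADER + HB_PADDING) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER + claimed + HB_PADDING > rec_len) return 0;
    memcpy(out, rec + HB_HEADER, claimed);
    return claimed;
}

int main(void) {
    unsigned char out[64];
    size_t n = build_request(32);
    return !(respond_unchecked(memory, n, out) == 32 && respond_checked(memory, n, out) == 0);
}
```

The unchecked responder returns the neighbouring bytes along with the echo, while the checked one discards the request without replying, which is also why nothing about the request stands out in ordinary server logs.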

Netcraft, a UK-based company that specializes in security and compiles statistics on Web servers, wrote on Tuesday that the OpenSSL vulnerability affects as many as 500,000 websites using digital certificates issued by trusted certificate authorities.

On Thursday, the Federal Financial Institutions Examination Council warned that financial institutions should consider replacing their digital certificates after patching the Heartbleed bug.

It was unknown if cybercriminals or state-sponsored hackers had been exploiting the flaw prior to its public release on Monday since the attacks are thought to not leave traces in server logs.

Comodo, which is the second-largest issuer of SSL certificates behind Symantec’s VeriSign division, has been contacting customers and conducting automated scanning of websites using its certificates to try to find vulnerable ones, Alden said.

“We’re going to keep looking for affected servers and detect whether the server is capable of being exploited,” Alden said.

About 70 percent of Comodo’s customers who have replaced their digital certificate have revoked the old one, Alden said. Certificates that are no longer valid are blacklisted, and browsers that come across a website using one will typically display a warning.

The next step for affected websites that were vulnerable is issuing a password reset to users, as the passwords could have been compromised, Alden said. But the vast scope of the problem due to the wide use of OpenSSL means the remediation process could be lengthy.

“It’s quite early in the life of this incident,” Alden said. “There’s going to be more fallout from this thing to come. In time, I think a lot of users are going to have to change their passwords.”

 

